CVE-2021-20593
CVSS V2 Medium 5.5
CVSS V3 High 7.1
Description
Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability.
Overview
- CVE ID
- CVE-2021-20593
- Assigner
- Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
- Vulnerability Status
- Analyzed
- Published Version
- 2021-07-13T14:15:08
- Last Modified Date
- 2021-08-05T15:17:43
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:o:mitsubishi:g-50a_firmware:*:*:*:*:*:*:*:* | 1 | OR | 2.50 | 3.35 |
| cpe:2.3:h:mitsubishi:g-50a:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:gb-50a_firmware:*:*:*:*:*:*:*:* | 1 | OR | 2.50 | 3.35 |
| cpe:2.3:h:mitsubishi:gb-50a:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:ag-150a-a_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.20 | |
| cpe:2.3:h:mitsubishi:ag-150a-a:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:ag-150a-j_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.20 | |
| cpe:2.3:h:mitsubishi:ag-150a-j:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:gb-50ada-a_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.20 | |
| cpe:2.3:h:mitsubishi:gb-50ada-a:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:gb-50ada-j_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.20 | |
| cpe:2.3:h:mitsubishi:gb-50ada-j:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:eb-50gu-a_firmware:*:*:*:*:*:*:*:* | 1 | OR | 7.09 | |
| cpe:2.3:h:mitsubishi:eb-50gu-a:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:eb-50gu-j_firmware:*:*:*:*:*:*:*:* | 1 | OR | 7.09 | |
| cpe:2.3:h:mitsubishi:eb-50gu-j:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:ae-200a_firmware:*:*:*:*:*:*:*:* | 1 | OR | 7.93 | |
| cpe:2.3:h:mitsubishi:ae-200a:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:ae-200e_firmware:*:*:*:*:*:*:*:* | 1 | OR | 7.93 | |
| cpe:2.3:h:mitsubishi:ae-200e:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:ae-50a_firmware:*:*:*:*:*:*:*:* | 1 | OR | 7.93 | |
| cpe:2.3:h:mitsubishi:ae-50a:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:ae-50e_firmware:*:*:*:*:*:*:*:* | 1 | OR | 7.93 | |
| cpe:2.3:h:mitsubishi:ae-50e:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:ew-50a_firmware:*:*:*:*:*:*:*:* | 1 | OR | 7.93 | |
| cpe:2.3:h:mitsubishi:ew-50a:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:ew-50e_firmware:*:*:*:*:*:*:*:* | 1 | OR | 7.93 | |
| cpe:2.3:h:mitsubishi:ew-50e:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:te-200a_firmware:*:*:*:*:*:*:*:* | 1 | OR | 7.93 | |
| cpe:2.3:h:mitsubishi:te-200a:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:te-50a_firmware:*:*:*:*:*:*:*:* | 1 | OR | 7.93 | |
| cpe:2.3:h:mitsubishi:te-50a:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:tw-50a_firmware:*:*:*:*:*:*:*:* | 1 | OR | 7.93 | |
| cpe:2.3:h:mitsubishi:tw-50a:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:cms-rmd-j_firmware:*:*:*:*:*:*:*:* | 1 | OR | 1.30 | |
| cpe:2.3:h:mitsubishi:cms-rmd-j:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:mitsubishi:pac-yg50eca_firmware:*:*:*:*:*:*:*:* | 1 | OR | 2.20 | |
| cpe:2.3:h:mitsubishi:pac-yg50eca:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:S/C:P/I:P/A:N
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- SINGLE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- NONE
- Base Score
- 5.5
- Severity
- MEDIUM
- Exploitability Score
- 8
- Impact Score
- 4.9
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- LOW
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- LOW
- Availability Impact
- NONE
- Base Score
- 7.1
- Base Severity
- HIGH
- Exploitability Score
- 2.8
- Impact Score
- 4.2
References
| Reference URL | Reference Tags |
|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf | Vendor Advisory |
| https://jvn.jp/vu/JVNVU96046575/index.html | Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2021-20593 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20593 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 06:58:15 | Added to TrackCVE | |||
| 2022-12-05 05:58:44 | 2021-07-13T14:15Z | 2021-07-13T14:15:08 | CVE Published Date | updated |
| 2022-12-05 05:58:44 | 2021-08-05T15:17:43 | CVE Modified Date | updated | |
| 2022-12-05 05:58:44 | Analyzed | Vulnerability Status | updated |